Attack Surface Management: Some Say THE Key to Protecting (a little of my thoughts).
Over the last few months I have been reviewing my organisation and looking at our industry: what we do and how we do it, more or less. We all know that in today's digital age, cyber threats are becoming increasingly sophisticated, targeted, frequent and in some cases just automated. As a result, my organisation must be as proactive as possible in our efforts to protect all our assets from attacks in time (I wanted to put cyber-attacks, but people are targeted too). One of the most effective ways to achieve this goal is through adopting an Attack Surface Management (ASM) mindset.
At the core of ASM is the process of identifying, assessing, and mitigating the potential vulnerabilities in an organisation's attack surface. The attack surface refers to the sum of all the ways an attacker can interact with the systems, applications, and data within an organisation. By reducing the size and complexity of the attack surface, organisations can reduce their risk of cyber-attacks. Understand the networks and how the systems talk to each other. What everyone seems to forget is that PEOPLE are also an attack surface, so they are also a huge part of this equation.
One of the main benefits of taking an attack surface state of mind is that it allows you to be much more proactive in identifying and remediating potential vulnerabilities before they are exploited. Attack surface-centric thinking can help organisations pre-emptively reduce their attack surface, for example by removing or reducing the exposure of unnecessary systems, applications, and data.
Of course, this all seems easy in text form and written by someone else, but it is a team effort between security and the business to make this happen and keep supporting the direction.
There are several key steps involved in ASM. The first job is to identify all the assets within an organisation's attack surface. This includes identifying all the systems, applications, and data that are accessible from the internet or other public networks. Once these assets have been identified, you can move on to assessing their security posture. This involves things like identifying potential vulnerabilities and assessing the risk associated with each vulnerability.
Once the security posture of the assets has been assessed, the next step is to implement measures to reduce the risk associated with each vulnerability. This can include, but is not limited to, implementing security controls (firewalls, intrusion detection systems, encryption, whatever fits the scenario best) or something else, like shortening the patching cycle for the organisation's assets that are public facing. Some more advanced approaches involve things like building a high-fidelity detection system in the organisation to obfuscate the attack surface (applied #deception). You can automate moving target defense-type approaches by modifying the #deception posture in response to external events, like when you patch the environment (changing the vulnerability). There's a very diverse set of actions to be taken as part of attack surface management.
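The identify, assess and mitigate steps described above can be run over an asset inventory, as in this added example (not from the original article). The `Asset` fields, the patch windows, the exposure weighting and the sample inventory are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed patch windows in days. The article only says public-facing assets
# should get a shorter cycle; these numbers are illustrative.
PATCH_SLA_DAYS = {"public": 7, "internal": 30}

@dataclass
class Asset:
    name: str
    exposure: str          # "public" (internet-reachable) or "internal"
    business_need: bool    # is the asset still needed in its current exposure?
    days_since_patch: int
    open_vulns: int        # finding count from whatever scanner is in use

def assess(asset):
    """Return (risk_score, actions) for one asset."""
    actions = []
    score = asset.open_vulns
    if asset.exposure == "public":
        score *= 3  # assumed weighting for internet-reachable assets
        if not asset.business_need:
            actions.append("remove or reduce exposure")
    overdue = asset.days_since_patch - PATCH_SLA_DAYS[asset.exposure]
    if overdue > 0:
        score += overdue
        actions.append(f"patch ({overdue} days past SLA)")
    return score, actions

def triage(inventory):
    """Identify -> assess -> rank: highest risk first, with mitigations."""
    rows = [(a.name, *assess(a)) for a in inventory]
    return sorted(rows, key=lambda r: r[1], reverse=True)

# Constructed sample inventory
INVENTORY = [
    Asset("legacy-ftp", "public", False, 90, 4),
    Asset("web-shop", "public", True, 10, 1),
    Asset("hr-db", "internal", True, 45, 2),
    Asset("build-server", "internal", True, 5, 0),
]

if __name__ == "__main__":
    for name, score, actions in triage(INVENTORY):
        print(f"{name:13} risk={score:3} -> {', '.join(actions) or 'no action'}")
```

The unneeded, unpatched public service ranks first, and the public web shop is flagged after 10 days while an internal host with the same patch age would not be.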
Outside of proactive measures, organisations NEED to have a response plan in place in the event that a security incident occurs, and test it regularly. Plus, adding the people element to the assessment means implementing security awareness, secure code training and more, depending on the need.
In conclusion, Attack Surface Management is a critical component of any organisation's cybersecurity strategy, and actually a change of mindset too, which is why I started to change my organisation. It is a proactive approach which helps identify, assess, and mitigate potential vulnerabilities in an organisation's attack surface, reducing the risk of cyber-attacks and protecting its assets, both technical and human. What's not to like about it?
GM, Exposure Management
2 years ago
It's been a while since we sat on a couch in a Vegas hotel to discuss ASM :-)
Director, Enterprise Sales -- West @ HUMAN
2 years ago
Well said and insightful, per usual Jeff!
Is ASM restricted to your external perimeter or does it include other dimensions? For example, I'm wondering if ASM is an appropriate approach in assessing supply chain attacks.